Presentations are listed in reverse chronological order (most recent first).


LCA 2020: Authentication Afterlife: The dark side of making lost password recovery harder (2020-01-14)

Presented at the Security, Identity, and Privacy Miniconf at Linux.Conf.Au 2020, January 2020, Gold Coast, Queensland, Australia.

Abstract

Historically authentication was by username and password, perhaps with email as a password reset flow. Users often wrote down their passwords (particularly older users), and possibly they only had a few passwords and it was pretty easy to try all of them.

Modern times have proven that passwords, particularly reused passwords, are insufficient security for any slightly valuable account. So lots of people are using password managers, randomised passwords, and 2FA (hardware tokens, TOTP, etc). Some accounts also require an additional authentication flow (email, SMS) for "new device" logins. "Security Aware" users are using randomised answers to security challenge questions, perhaps also stored in their password managers.

This "security improvement" has a flip side: it's gone from being unlikely users will forget their passwords or get locked out, to being more likely users will lose access to their accounts through loss of 2FA or additional authentication paths (e.g., phone number, or email), and more likely that users will struggle with lost password recovery. And there's a darker side still: if the user is incapacitated, or has passed away, often someone else close to them will need to act "on their behalf" with those accounts (for legitimate transactions, to send out notifications, or just to archive the account), and will likely struggle to gain access to them without the original user's full set of password manager / 2FA / etc.

How do we balance the need to improve authentication security, and reduce the simplicity of malicious account takeover, with the need for there to be a way for legitimate account use by bereaved family members, or other trusted associates? There are no easy answers here, but considering the questions is important.

Presentation Resources


Kiwi PyCon 2014: Seize Control with Ryu (2014-09-13)

Presented at the Kiwi PyCon 2014 conference, Wellington, New Zealand, September 2014.

Abstract

OpenFlow is an industry standard protocol for controlling modern network hardware (and software switches -- such as Open vSwitch in Linux), down to installing specific forwarding or filtering rules ("flows") into the hardware forwarding plane. Together with a well written OpenFlow Network Controller it allows you to create an intelligent Software Defined Network (SDN).

Ryu is an OpenFlow Network Controller framework, written in Python, that is already extremely capable and still being rapidly developed (new releases every month). It has been adopted by the OpenStack project amongst many others. Ryu implements the OpenFlow wire protocols and allows you to write event driven "apps" as Python modules, each running in their own eventlet. It comes with lots of examples. Your own apps can dictate switch forwarding and filtering policy in advance, or respond to new types of packets as they arrive. This gives you fine grained programmatic control over your network.

The talk will provide a brief outline of how a Software Defined Network using OpenFlow works, and an introduction to writing your own Ryu "app" in Python. Plus plenty of pointers so you can get started experimenting yourself. Become the mad genius taking total control of your network!

Presentation Resources


NZNOG 2013: The GeoNet Network: from 1 pps to 10,000 hits per second (2013-01-24)

Combined presentation with Colin Dyer (GeoNet Project, GNS Science), at the NZNOG 2013 conference held in Wellington, New Zealand, in January 2013.

Presentation Resources


NZNOG 2009: Scaling Monitoring: A Discussion Starter (2009-01-28)

Short talk given at the NZNOG 2009 Sysadmin Miniconf, held as part of the NZNOG 2009 conference. The talk was given as a discussion starter on scaling a monitoring system from a single host to a distributed set of collectors. This presentation was not recorded.

Presentation Resources


Perl Mongers, Wellington: Using closures with DBIx::Class transactions (2007-02-13)

Lightning talk given at Perl Mongers, Wellington in February 2007. It demonstrated how to use a Perl closure within a DBIx::Class transaction, to get better atomic transaction handling with minimal source code changes. This presentation was not recorded.

Presentation Resources


NZNOG 2007: Lightning Talk: "duplex full" considered harmful (2007-02-02)

Single slide lightning talk given at the NZNOG 2007 conference at Massey University in Palmerston North, New Zealand, in January/February 2007. It illustrated, with kittens and bombs, the perils of using duplex full on 10Mbps and 100Mbps network devices (both ends must be forced to duplex full for it to work properly).

Presentation Resources


NZNOG 2007: 42 Hosts in 1U: Using Virtual Machines (2007-01-31)

Presentation given at the NZNOG 2007 Sysadmin Miniconf, held as part of the NZNOG 2007 conference at Massey University in Palmerston North, New Zealand, in January/February 2007.

Abstract

Moore's Law has provided us with many hosts which are often mostly idle, but need to be separate for security or other reasons. Virtual machine technology offers the network operator/ISP server operational advantages such as the ability to consolidate multiple virtual hosts onto one physical server, saving power, heat, and money.

This talk will discuss the differences between common virtual machine technology, and describe how you can use Xen to virtualise your Linux systems. It will also discuss when virtualisation is an appropriate solution and when it isn't.

Presentation Resources


LCA 2006: A Sysadmin's View of VoIP (2006-01-23)

Presentation given at the Linux.Conf.Au 2006 Sysadmin Miniconf, held in Dunedin, New Zealand, as part of the Linux.Conf.Au 2006 conference, in January 2006. No recordings of this presentation still exist.

Abstract

An overview of Voice over IP (VoIP) technology from a system administrator's point of view. The talk will cover how VoIP works (focusing on SIP and H.323), issues with mixing VoIP with firewalls and/or NAT, and include a brief survey of open source tools for working with VoIP and debugging VoIP issues.

Presentation Resources


Netforum 2000: Linux based diskless workstation (2000-10-06)

Presentation prepared for Netforum 2000, held in Hamilton, New Zealand, 5-7 October 2000. This presentation was not recorded.

Abstract

Linux has received much popular press as a server operating system, but its applications in the workstation area have received less attention. This presentation describes how to use Linux and PC hardware to produce a diskless workstation booting off the network or a floppy disk. With suitable hardware the days of a quiet work area, free from computer noise, can return.

Presentation Resources